To configure Apache on a Linux server in 2026, install the Apache package (apache2/httpd), start and enable the service, allow firewall ports 80/443, create a document root, add a virtual host, enable SSL with Let’s Encrypt, and apply performance and security tuning. Follow this step-by-step guide for Ubuntu/Debian and RHEL-based systems.
Configuring Apache on a Linux server is straightforward once you know the layout and best practices. In this guide, I’ll show you how to configure Apache on Linux server distributions like Ubuntu 24.04/22.04 and Rocky/AlmaLinux 9, including virtual hosts, free SSL, PHP-FPM, performance tuning, and security hardening that align with 2026 best practices.
What You’ll Need
- Linux server (Ubuntu 24.04/22.04, Debian 12, Rocky/AlmaLinux 9, RHEL 9)
- Root or sudo access
- Registered domain pointing to your server’s public IP (A/AAAA record)
- Open ports: 22 (SSH), 80 (HTTP), 443 (HTTPS)
- Optional: PHP-FPM, MySQL/MariaDB for dynamic apps (WordPress, etc.)
Step 1: Update the Server and Install Apache
Ubuntu/Debian
sudo apt update && sudo apt -y upgrade
sudo apt -y install apache2
apache2 -v
Rocky/AlmaLinux/RHEL
sudo dnf -y update
sudo dnf -y install httpd
httpd -v
You should see Apache HTTP Server 2.4.x, which uses the performant “event” MPM by default on most modern distros.
Step 2: Start, Enable, and Open the Firewall
# Start and enable
sudo systemctl enable --now apache2 # Ubuntu/Debian
sudo systemctl enable --now httpd # RHEL/Rocky/Alma
# Firewall (choose the tool your distro uses)
# UFW (Ubuntu)
sudo ufw allow OpenSSH
sudo ufw allow "Apache Full" # 80,443
sudo ufw enable
# firewalld (RHEL family)
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Visit http://your_server_ip to confirm the default Apache page loads.
Step 3: Know the Apache File Layout
- Ubuntu/Debian: configs in
/etc/apache2/withsites-available,sites-enabled,mods-available,mods-enabled - RHEL/Rocky/Alma: main config
/etc/httpd/conf/httpd.conf, include directory/etc/httpd/conf.d/, modules in/etc/httpd/modules - Document roots usually
/var/www/ - Logs:
/var/log/apache2/(Debian) or/var/log/httpd/(RHEL)
Step 4: Create a Document Root and Permissions
sudo mkdir -p /var/www/example.com/public_html
echo "<h1>Apache is working for example.com</h1>" | sudo tee /var/www/example.com/public_html/index.html
# Ownership: use your Linux user (replace $USER) and www-data/apache as needed
# Ubuntu/Debian:
sudo chown -R $USER:www-data /var/www/example.com
# RHEL family (group is 'apache'):
sudo chown -R $USER:apache /var/www/example.com
sudo find /var/www/example.com -type d -exec chmod 755 {} \;
sudo find /var/www/example.com -type f -exec chmod 644 {} \;
If SELinux is enforcing (RHEL family), label the content directory:
sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/example.com(/.*)?"
sudo restorecon -Rv /var/www/example.com
Step 5: Create a Name-Based Virtual Host (HTTP)
Ubuntu/Debian vHost
sudo nano /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
<Directory /var/www/example.com/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
sudo a2ensite example.com.conf
sudo a2enmod rewrite headers
sudo apache2ctl configtest
sudo systemctl reload apache2
RHEL/Rocky/Alma vHost
sudo nano /etc/httpd/conf.d/example.com.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog logs/example.com_error.log
CustomLog logs/example.com_access.log combined
<Directory /var/www/example.com/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
sudo httpd -t
sudo systemctl reload httpd
Point your domain’s A record to the server IP. Browsing http://example.com should show your index page.
Step 6: Enable HTTPS with Let’s Encrypt (Free SSL)
Use Certbot’s Apache plugin to automatically issue and install SSL certificates, plus set up HTTP→HTTPS redirects.
Ubuntu/Debian (Certbot)
sudo apt -y install certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
# Auto-renew check
sudo systemctl status certbot.timer
sudo certbot renew --dry-run
RHEL/Rocky/Alma (Certbot)
sudo dnf -y install certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
sudo certbot renew --dry-run
Certbot will configure your SSL vHost with strong defaults and set up automatic renewals. For HTTP/2, ensure the http2 module is enabled.
Step 7: Enable Essential Modules and HTTP/2
- mod_rewrite: pretty URLs and redirects
- mod_headers: security and caching headers
- mod_http2: HTTP/2 for faster parallelization
- Compression: mod_deflate or mod_brotli (if available)
# Ubuntu/Debian
sudo a2enmod http2 deflate headers rewrite ssl
# Optional (if available): sudo a2enmod brotli
sudo apache2ctl configtest && sudo systemctl reload apache2
# RHEL family
sudo sed -i 's/^#LoadModule http2_module/LoadModule http2_module/' /etc/httpd/conf.modules.d/00-base.conf 2>/dev/null || true
echo "Protocols h2 h2c http/1.1" | sudo tee /etc/httpd/conf.d/http2.conf
sudo httpd -t && sudo systemctl reload httpd
Note: For HTTP/3 in 2026, most teams use a CDN or a reverse proxy with QUIC (e.g., Nginx/HAProxy) in front of Apache. Apache’s HTTP/2 remains stable and widely deployed.
Step 8: Configure PHP-FPM (Optional for Dynamic Sites)
Install PHP-FPM
# Ubuntu/Debian (PHP 8.x)
sudo apt -y install php-fpm php-mysql
# RHEL family
sudo dnf -y install php php-fpm php-mysqlnd
sudo systemctl enable --now php-fpm
Enable Proxy to PHP-FPM
# Ubuntu/Debian
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php*-fpm
sudo systemctl reload apache2
# RHEL family: add to vHost or conf.d/php-fpm.conf
sudo nano /etc/httpd/conf.d/php-fpm.conf
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost/"
</FilesMatch>
sudo httpd -t && sudo systemctl reload httpd
Place a phpinfo() test file in the document root to verify PHP is served via FPM. Remove the file after testing.
Step 9: Performance Tuning for 2026
- Keep the Event MPM (default). Avoid prefork unless required by legacy modules.
- Tune MaxRequestWorkers based on RAM/CPU and site workload.
- Enable compression (Brotli or Deflate) and caching headers.
- Use HTTP/2 and persistent connections.
- Serve static assets from a CDN for global speed.
# Example MPM Event tuning snippet
# Ubuntu/Debian: /etc/apache2/mods-available/mpm_event.conf
# RHEL: /etc/httpd/conf.modules.d/00-mpm.conf or conf.d/mpm_event.conf
<IfModule mpm_event_module>
StartServers 2
ServerLimit 32
ThreadsPerChild 64
ThreadLimit 128
MaxRequestWorkers 2048
MaxConnectionsPerChild 10000
</IfModule>
# Caching and compression example (add inside vHost or global)
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Static asset caching
<FilesMatch "\.(ico|jpg|jpeg|png|gif|css|js|woff2?)$">
Header set Cache-Control "public, max-age=31536000, immutable"
</FilesMatch>
# Deflate compression
AddOutputFilterByType DEFLATE text/plain text/html text/css application/javascript application/json image/svg+xml
Step 10: Security Hardening
- Hide version info:
ServerTokens ProdandServerSignature Off - Principle of least privilege for files/dirs; avoid 777 permissions
- Enable SELinux/AppArmor policies properly
- Install a WAF like ModSecurity with OWASP CRS
- Rate limit with mod_evasive or use a CDN WAF
- Use strong TLS (TLSv1.2/1.3) and modern ciphers
# Global security (Ubuntu: /etc/apache2/conf-available/security.conf)
# (RHEL: /etc/httpd/conf.d/security.conf)
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# Limit methods (example)
<LimitExcept GET POST HEAD>
Require all denied
</LimitExcept>
# ModSecurity (example install)
# Ubuntu/Debian:
sudo apt -y install libapache2-mod-security2
sudo a2enmod security2
# RHEL family:
sudo dnf -y install mod_security
# Add OWASP CRS and restart Apache (follow CRS docs)
Step 11: Logs, Monitoring, and Maintenance
- Config test:
apache2ctl -t(Debian) orhttpd -t(RHEL) - Service:
systemctl status apache2|httpd - Logs: access/error logs in
/var/log/apache2or/var/log/httpd - Journal:
journalctl -u apache2 -forjournalctl -u httpd -f - Log rotation: handled by logrotate; verify
/etc/logrotate.d/apache2|httpd
# Quick checks
apache2ctl -S # Debian: vHosts overview
httpd -S # RHEL
apache2ctl -M # Loaded modules
httpd -M
Troubleshooting: Common Apache Errors
- 403 Forbidden: wrong permissions or missing
Require all granted; on RHEL, fix SELinux contexts. - 404 Not Found: document root or vHost mismatch; check
apache2ctl -S. - Port already in use: stop conflicting service or change Listen ports.
- AH00558 (ServerName): set a global
ServerNamein main config to silence the warning. - Let’s Encrypt failure: confirm DNS A/AAAA records point to your server and port 80 is open.
When to Choose Managed Hosting (Save Time and Risk)
If you’d rather not handle SSL renewals, tuning, and security patches yourself, a managed plan is safer. At YouStable, our Linux experts pre-optimize Apache (HTTP/2, PHP-FPM, caching, WAF) and monitor 24×7, so you can focus on your site or app while we keep your stack fast, secure, and up-to-date.
Final Checklist
- Installed Apache and opened firewall ports 80/443
- Configured a document root and correct permissions
- Created virtual hosts for your domains
- Issued Let’s Encrypt SSL and forced HTTPS
- Enabled HTTP/2, compression, caching headers
- Hardened security (tokens, WAF, least privilege)
- Tuned MPM event and verified logs/monitoring
FAQs: Configure Apache on Linux Server (2026)
Where are Apache configuration files on Ubuntu vs. CentOS/Rocky?
Ubuntu/Debian store configs in /etc/apache2 with sites-available/sites-enabled and mods-available/mods-enabled. RHEL/Rocky/AlmaLinux use /etc/httpd, with the main file at /etc/httpd/conf/httpd.conf and additional vHosts in /etc/httpd/conf.d/*.conf.
How do I host multiple websites on one server?
Create a separate document root and virtual host for each domain. On Ubuntu, place vHosts in /etc/apache2/sites-available and run a2ensite. On RHEL family, create one .conf per site in /etc/httpd/conf.d. Reload Apache after config tests.
How do I redirect HTTP to HTTPS in Apache?
The Certbot Apache installer can add redirects automatically. Manually, use RewriteRule in the port 80 vHost or set VirtualHost:80 to redirect to https:// with mod_rewrite and a 301 rule, then reload Apache.
How do I restart or reload Apache safely?
Use systemctl reload apache2|httpd to apply config changes without dropping connections. Use systemctl restart for module changes or after crashes. Always test configs first with apache2ctl -t or httpd -t.
Is Apache or Nginx better for WordPress in 2026?
Both perform excellently. Apache is flexible with .htaccess and rich modules; Nginx excels as a reverse proxy and for high-concurrency static delivery. Many teams use Nginx in front of Apache+PHP-FPM. If you prefer hands-off performance, a managed YouStable stack is optimized for WordPress either way.
With the steps above, you can confidently configure Apache on Linux server environments, deploy secure virtual hosts with free SSL, and keep performance high. Bookmark this guide for 2026 best practices and updates.
